Description of problem:
Modify the node-config to set the enableUnidling to false and restart the node service. Create service/pod and try to access the service and pod ip:port. The service ip cannot be accessed.

Version-Release number of selected component (if applicable):
openshift v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

How reproducible:
always

Steps to Reproduce:
1. Setup multinode env with 1 master 1 node
2. Modify the node-config on the node to set the enableUnidling to false
    # cat node-config.yaml
    dockerConfig:
      execHandlerName: ""
    iptablesSyncPeriod: "30s"
    kind: NodeConfig
    enableUnidling: false
    ...
3. Restart the node service to make it work
4. Create service and rc
    $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/list_for_pods.json
    $ oc get all -owide
    NAME         DESIRED   CURRENT   AGE   CONTAINER(S)   IMAGE(S)                SELECTOR
    rc/test-rc   2         2         13m   test-pod       bmeng/hello-openshift   name=test-pods
    NAME               CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE   SELECTOR
    svc/test-service   172.30.144.29   <none>        27017/TCP   13m   name=test-pods
    NAME               READY   STATUS    RESTARTS   AGE   IP         NODE
    po/test-rc-3wqhb   1/1     Running   0          13m   10.1.0.3   host-8-172-121.host.centralci.eng.rdu2.redhat.com
    po/test-rc-4b8ow   1/1     Running   0          13m   10.1.0.5   host-8-172-121.host.centralci.eng.rdu2.redhat.com
5. Try to access the svc from the pod
    [root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 10.1.0.5:8080
    Hello OpenShift!
    [root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 10.1.0.3:8080
    Hello OpenShift!
    [root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 172.30.144.29:27017
    error: error executing remote command: error executing command in container: Error executing in Docker Container: 7
6. Check the iptables rules on the node
    # iptables -t nat -nL | grep 172.30.144.29

Actual results:
5. The service ip:port cannot be accessed from cluster.
6. Nothing found in iptables.

Expected results:
5. The service should be accessible from inside the cluster.

Additional info:
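
The check in step 6 of the report, extended to every service at once, as an added example that is not part of the original report or of OpenShift. The function names are hypothetical and the sample listings are constructed; it assumes the `oc get svc` column layout shown above and a saved `iptables -t nat -nL` listing from the node.

```shell
#!/bin/sh
# Report services whose cluster IP has no rule in the node's NAT table.
# $1: file holding `oc get svc` output (NAME CLUSTER-IP ... as in the report)
# $2: file holding `iptables -t nat -nL` output captured on the node
# Prints "name ip" per service without a rule; returns 1 if any is missing.
missing_service_rules() {
    awk '
        # NAT listing: record each token that is a bare IPv4 address (or /32),
        # so 172.30.144.2 is not matched inside 172.30.144.29 as grep would.
        FILENAME == ARGV[1] {
            for (i = 1; i <= NF; i++) {
                tok = $i
                sub(/\/32$/, "", tok)
                if (tok ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) seen[tok] = 1
            }
            next
        }
        # Service listing: skip the header row and headless services.
        NF < 2 || $1 == "NAME" || $2 == "None" { next }
        !($2 in seen) { sub(/^svc\//, "", $1); print $1, $2; missing = 1 }
        END { exit (missing ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample: the service from the report plus a hypothetical second
# service whose cluster IP is a string prefix of the first.
SAMPLE_SVC='NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
svc/test-service 172.30.144.29 <none> 27017/TCP 13m name=test-pods
svc/other-service 172.30.144.2 <none> 8080/TCP 13m name=other'

# Constructed NAT listing in which only test-service has a rule.
SAMPLE_NAT='Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-SVC-EXAMPLE tcp -- 0.0.0.0/0 172.30.144.29 /* default/test-service: */ tcp dpt:27017'

# Run the check on SAMPLE_SVC against the NAT listing text passed as $1.
check_sample() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' "$SAMPLE_SVC" > "$dir/svc"
    printf '%s\n' "$1" > "$dir/nat"
    missing_service_rules "$dir/svc" "$dir/nat" && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

A listing with no service rules at all, which is what the report found with enableUnidling set to false, makes the function list every service and return 1.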
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/07c01a63a1cc783446494323ddd7e4b8a6b49e57
Restores the service proxier when unidling is disabled

The unidling code change had inadvertently removed the proxier when idling was disabled. This change restores the default proxier (userspace or iptables depending on the config).

Bug 1370435
Tested on build v3.3.0.27, issue has been fixed. The service can be accessed when setting the enableUnidling to false on nodes.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1933